vulnerability

Debian: CVE-2021-28693: xen -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Jun 30, 2021

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.

Solution

debian-upgrade-xen

References

CVE-2021-28693
https://attackerkb.com/topics/CVE-2021-28693
EUVD-EUVD-2021-15350
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-15350

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report